i-medIT Blog

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system, and it manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that it has patched the vulnerability in versions of its routing firmware, but concerns remain because no one is sure whether other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without a strategy in place to keep them supplied with up-to-date security fixes. It is also up to the user to keep their router’s firmware up to date, something that is very easy to lose sight of. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server sends you to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website built specifically to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is ascertain whether your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To guard against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Universal Plug and Play can be very convenient, but because it is designed to trust all requests, any malware on the network could use UPnP to affect your router.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at i-medIT are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 630-549-6199.

Thursday, March 21 2019
